Category Started On Completed On Duration Cuckoo Version
FILE 2014-07-18 02:03:50 2014-07-18 02:07:28 218 seconds 1.2-dev
Machine Label Manager Started On Shutdown On
machine3 winxpmacine3 VirtualBox 2014-07-18 02:03:51 2014-07-18 02:07:28

File Details

File name sep14kam.pdf
File size 96081 bytes
File type PDF document, version 1.5
CRC32 FEBE9B43
MD5 5d7393d375a14a025a6568729da03954
SHA1 13d856132b69edb4583606f8564eba64086afa16
SHA256 d94bb8ca400b4de711f65a117c12aeae3a7d3a3979d107e13ed2b211eea4c254
SHA512 0b88b47ad69f08f4e7381cf6eb6834355cb7b84ce54660ce5388ddcb67f3f6f9d80b952543b456b49cf1ae6dfd171efe01a32ec3d75159af44d840ec1fbb6f63
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal Permalink
VirusTotal Scan Date: 2014-07-18 05:49:57
Detection Rate: 0/54 (Expand)

Signatures

Starts servers listening on 127.0.0.1:0, 0.0.0.0:0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
Steals private information from local Internet browsers
Installs itself for autorun at Windows startup

Screenshots

Static Analysis

Nothing to display.

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Files
  • C:\DOCUME~1
  • C:\DOCUME~1\TDW
  • C:\DOCUME~1\TDW\LOCALS~1
  • C:\DOCUME~1\TDW\LOCALS~1\Temp
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\sep14kam.pdf
  • C:\Documents and Settings\TDW\Local Settings\Temp\sep14kam.pdf
  • C:\Documents and Settings\TDW
  • C:\Documents and Settings\TDW\Local Settings\Temp
  • C:\WINDOWS\system32\KBDUS.DLL
  • C:\WINDOWS
  • C:\Program Files\Adobe
  • C:\Program Files\Adobe\Reader 11.0\Reader
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx
  • C:\Documents and Settings\TDW\Application Data\Adobe
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Color
  • C:\Documents and Settings\TDW\Application Data\Microsoft\Speech
  • C:\WINDOWS\system32
  • C:\Documents and Settings\TDW\Local Settings\Application Data\
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\
  • C:\Documents and Settings\TDW\
  • C:\Documents and Settings\TDW\Local Settings\
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Color\ACECache11.lst
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\
  • C:\WINDOWS\system32\rsaenh.dll
  • C:\Documents and Settings\TDW\Application Data\
  • C:\Documents and Settings\TDW\Application Data\Adobe\
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security\
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security\services_rdrk.dat
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security\services_rdr.dat
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security\services_rdri.dat
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages
  • PIPE\wkssvc
  • IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3231303037333036372020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
  • MountPointManager
  • STORAGE#Volume#1&30a96598&0&SignatureC7EDC7EDOffset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
  • C:\Documents and Settings
  • C:\Documents and Settings\TDW\My Documents
  • C:\Documents and Settings\TDW\My Documents\desktop.ini
  • C:\Documents and Settings\All Users
  • C:\Documents and Settings\All Users\Documents
  • C:\Documents and Settings\All Users\Documents\desktop.ini
  • C:\Documents and Settings\TDW\Desktop
  • C:\Documents and Settings\All Users\Desktop
  • C:\WINDOWS\Registration\R000000000007.clb
  • C:\Program Files\Adobe\Reader 11.0\Reader\Eula.exe
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\UserCache.bin
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Collab\
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Collab
  • C:\Documents and Settings\TDW\Application Data\desktop.ini
  • C:\Documents and Settings\TDW\Application Data\Adobe\Flash Player\
  • C:\Documents and Settings\TDW\Application Data\Adobe\Flash Player\AssetCache\
  • C:\Documents and Settings\TDW\Application Data\Adobe\Flash Player\AssetCache\Y6WYKG62
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\FAP1.tmp
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\FAP1.tmp
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\SharedDataEvents
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\SharedDataEvents-journal
  • C:\Documents and Settings\TDW\Local Settings\Temp\
  • PIPE\lsarpc
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\A9R6BAF.tmp
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal
  • C:\WINDOWS\system32\shell32.dll
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\index.dat
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\index.dat
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\desktop.ini
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\desktop.ini
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\SXI3GLI7
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\SXI3GLI7
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\SXI3GLI7\desktop.ini
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\SXI3GLI7\desktop.ini
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\W5IFW1QV
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\W5IFW1QV
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\W5IFW1QV\desktop.ini
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\W5IFW1QV\desktop.ini
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\MPYTAP6L
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\MPYTAP6L
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\MPYTAP6L\desktop.ini
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\MPYTAP6L\desktop.ini
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\OTAZYTU1
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\OTAZYTU1
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\OTAZYTU1\desktop.ini
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\OTAZYTU1\desktop.ini
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Cookies\
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Cookies
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Cookies\index.dat
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Cookies\index.dat
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History\History.IE5\
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History\History.IE5
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History\History.IE5\index.dat
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History\History.IE5\index.dat
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History\History.IE5\desktop.ini
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History\History.IE5\desktop.ini
  • C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files
  • C:\Documents and Settings\TDW\Local Settings\History
  • C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\
  • C:\
  • C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\index.dat
  • C:\Documents and Settings\TDW\Cookies\
  • C:\Documents and Settings\TDW\Cookies\index.dat
  • C:\Documents and Settings\TDW\Local Settings\History\History.IE5\
  • C:\Documents and Settings\TDW\Local Settings\History\History.IE5\index.dat
  • C:\WINDOWS\system32\userenv.dll
  • c:\autoexec.bat
  • C:\Documents and Settings\TDW\Local Settings
  • C:\Documents and Settings\TDW\Application Data\Microsoft\SystemCertificates\My\Certificates\*
  • C:\Documents and Settings\TDW\Application Data\Microsoft\SystemCertificates\My\CRLs\*
  • C:\Documents and Settings\TDW\Application Data\Microsoft\SystemCertificates\My\CTLs\*
  • C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
  • C:\WINDOWS\system32\Ras\*.pbk
  • C:\Documents and Settings\TDW\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
  • C:\Documents and Settings\TDW\Cookies\tdw@adobe[2].txt
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\assets
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\A9R6BB0.tmp
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\A9R6BB0.tmp
Mutexes
  • Global\ARM Update Mutex
  • Global\Acro Update Mutex
  • {100184D2-BDC3-477a-B8D3-65548B67914C}_488
  • _!MSFTHISTORY!_
  • c:!documents and settings!tdw!local settings!temporary internet files!content.ie5!
  • c:!documents and settings!tdw!cookies!
  • c:!documents and settings!tdw!local settings!history!history.ie5!
  • WininetStartupMutex
  • WininetConnectionMutex
  • WininetProxyRegistryMutex
Registry Keys
  • HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown
  • HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\Privileged
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0
  • HKEY_LOCAL_MACHINE\Software\Adobe\Adobe Acrobat\11.0\Security
  • HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\11.0\Installer
  • HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\AVGeneral\cRecentFiles\c1
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003
  • Keyboard Layout\Preload
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
  • HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
  • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
  • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
  • HKEY_CURRENT_USER\
  • HKEY_CLASSES_ROOT\
  • HKEY_LOCAL_MACHINE\
  • HKEY_USERS\
  • HKEY_CURRENT_CONFIG\
  • HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\11.0
  • HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0
  • HKEY_CURRENT_USER\Software\Adobe\Adobe Synchronizer\11.0
  • HKEY_CURRENT_USER\Software\Adobe\CommonFiles\Usage\Reader 11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Justsystem\ATOK\Setup\Folder
  • HKEY_LOCAL_MACHINE\System
  • HKEY_LOCAL_MACHINE\System\Acrobatbrokerserverdispatchercpp789
  • Software\Adobe\Acrobat Reader\11.0\Installer\Migrated
  • Language
  • Software\Adobe\Adobe Synchronizer\11.0
  • Software\Adobe\Adobe Synchronizer\11.0\SOFTWARE\Microsoft\Cryptography\Providers\Type 001
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\SOFTWARE\Microsoft\Cryptography\Providers\Type 001
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
  • HKEY_CLASSES_ROOT\.exe
  • HKEY_CLASSES_ROOT\exefile
  • HKEY_CLASSES_ROOT\exefile\CurVer
  • HKEY_CLASSES_ROOT\exefile\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  • HKEY_CLASSES_ROOT\exefile\\ShellEx\IconHandler
  • HKEY_CLASSES_ROOT\SystemFileAssociations\.exe
  • HKEY_CLASSES_ROOT\SystemFileAssociations\application
  • HKEY_CLASSES_ROOT\exefile\\Clsid
  • HKEY_CLASSES_ROOT\*
  • HKEY_CLASSES_ROOT\*\Clsid
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e6c716a0-b561-11e1-9849-806d6172696f}\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e6c716a2-b561-11e1-9849-806d6172696f}\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6c716a2-b561-11e1-9849-806d6172696f}\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6c716a0-b561-11e1-9849-806d6172696f}\
  • HKEY_CLASSES_ROOT\Directory
  • HKEY_CLASSES_ROOT\Directory\CurVer
  • HKEY_CLASSES_ROOT\Directory\
  • HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler
  • HKEY_CLASSES_ROOT\Directory\\Clsid
  • HKEY_CLASSES_ROOT\Folder
  • HKEY_CLASSES_ROOT\Folder\Clsid
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
  • HKEY_CLASSES_ROOT\CLSID\{AEB6717E-7E19-11D0-97EE-00C04FD91972}\InProcServer32
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  • HKEY_CLASSES_ROOT\.ade
  • HKEY_CLASSES_ROOT\.adp
  • HKEY_CLASSES_ROOT\.app
  • HKEY_CLASSES_ROOT\.asp
  • HKEY_CLASSES_ROOT\.bas
  • HKEY_CLASSES_ROOT\.bat
  • HKEY_CLASSES_ROOT\.cer
  • HKEY_CLASSES_ROOT\.chm
  • HKEY_CLASSES_ROOT\.cmd
  • HKEY_CLASSES_ROOT\.com
  • HKEY_CLASSES_ROOT\.cpl
  • HKEY_CLASSES_ROOT\.crt
  • HKEY_CLASSES_ROOT\.csh
  • HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003_Classes
  • HKEY_LOCAL_MACHINE\Software\Classes
  • \REGISTRY\USER
  • HKEY_LOCAL_MACHINE\Software\Classes\CLSID
  • CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
  • CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServerX86
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer32
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandler32
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandlerX86
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
  • HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
  • HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InProcServer32
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Ranges\
  • HKEY_LOCAL_MACHINE\System\Setup
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\2
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\3
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\4
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  • HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
  • HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\C\
  • HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
  • HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Handler\C
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\C
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
  • HKEY_CLASSES_ROOT\exefile\\shell\open
  • HKEY_CLASSES_ROOT\exefile\\shell\open\command
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\Eula.exe
  • HKEY_CLASSES_ROOT\exefile\\shell\open\ddeexec
  • HKEY_CLASSES_ROOT\Applications\Eula.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer
  • CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}
  • CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\TreatAs
  • \CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}
  • \CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\InprocServer32
  • \CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\InprocServerX86
  • \CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\LocalServer32
  • \CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\InprocHandler32
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
  • HKEY_CLASSES_ROOT\AppID\AcroRd32.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
  • ActiveComputerName
  • HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\AVGeneral
  • HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\AVGeneral\cRecentFiles
  • Software\Adobe\Adobe Synchronizer\11.0\CredentialsV2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Special Paths
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014071820140719
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AUTOPROXY_CACHE_ANAME_KB921400
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840387
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840386
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CHUNK_TIMEOUT_KB914453
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CERT_TRUST_VERIFIED_KB936882
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENSURE_FQDN_FOR_NEGOTIATE_KB899417
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_DISABLE_NTLM_PREAUTH_IF_ABORTED_KB902409
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WPAD_STORE_URL_AS_FQDN_KB903926
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_KEEP_CACHE_INDEX_OPEN_KB899342
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WAIT_TIME_THREAD_TERMINATE_KB886801
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters\RPA
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters\RPA
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CertDllOpenStoreProv
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\SystemCertificates\MY\PhysicalStores
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\SystemCertificates\MY
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1935655697-1606980848-1060284298-1003
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Environment
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Volatile Environment
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\SystemCertificates\MY\
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\SystemCertificates\MY\\Certificates
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\SystemCertificates\MY\\CRLs
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\SystemCertificates\MY\\CTLs
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\SystemCertificates\MY\\Keys
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RASAPI32
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
  • HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_URLHOSTNAME
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\adobe.com
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adobe.com
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProtocolDefaults\

Processes

registry filesystem process services network synchronization

AcroRd32.exe PID: 488, Parent PID: 256

Volatility

Nothing to display.